We define and study cloudoscopy, i.e., exposing sensitive information about the location of (victim) cloud services and/or about the internal organisation of the cloud network, in spite of location-hiding efforts by cloud providers. A typical cloudoscopy attack is composed of a number of steps: first expose the internal IP address of a victim instance, then measure its hop-count distance from adversarial cloud instances, and finally test to find a specific instance which is close enough to the victim (e.g., co-resident) to allow (denial of service or side-channel) attacks. We refer to the three steps/modules involved in such a cloudoscopy attack by the terms IP address deanonymisation, hop-count measuring, and co-residence testing. We present specific methods for these three cloudoscopy modules, and report on the results of our experimental validation on popular cloud platform providers. Our techniques can be used for attacking (victim) servers, as well as for benign goals, e.g., optimisation of instance placement and communication, or comparing clouds and validating cloud-provider placement guarantees.